From e5aeb047a563b20769d49c2777d47039581ca7bd Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 18 Mar 2022 10:26:48 +0100 Subject: [PATCH] Bug 30199: Do not generate jwt if patron does not exist This is a follow-up patch for bug 29543. If an invalid cardnumber has been used we should not generate a token. Test Plan: 1. Set SelfCheckoutByLogin to 'cardnumber'. 2. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl 3. Enter an invalid carnumber like 'thisisabadcardnumber' 4. See the appropriate message "Sorry The userid thisisabadcardnumber was not found in the database. Please try again." 5. Try again with a different cardnumber and notice the same exact error message including the 'thisisabadcardnumber' cardnumber. 6. Apply this patch 7. Restart all the things! 8. Repeat steps 2-4 9. Try again with a different cardnumber, you should now see the correct cardnumber! Signed-off-by: Lucas Gass Signed-off-by: Martin Renvoize Signed-off-by: Fridolin Somers Signed-off-by: Kyle M Hall --- opac/sco/sco-main.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/opac/sco/sco-main.pl b/opac/sco/sco-main.pl index 7e056fa34e..b293f100e1 100755 --- a/opac/sco/sco-main.pl +++ b/opac/sco/sco-main.pl @@ -134,6 +134,8 @@ if ( $patronid ) { $patron = Koha::Patrons->find( { cardnumber => $patronid } ); } +undef $jwt unless $patron; + my $branch = $issuer->{branchcode}; my $confirm_required = 0; my $return_only = 0; -- 2.39.5